New Oracle Vulnerability and the Cost of Security Breaches

On the day TalkTalk announced the high cost of their recent website attack Oracle has announced a severe security vulnerability in its WebLogic software.

Oracle has issued an advisory of a severe vulnerability (CVE-2015-4852 – http://goo.gl/JMOv1H) in its WebLogic server. This can allow the remote execution of code, i.e. over a network, on a server without the need for a username and password. This vulnerability affects Oracle’s WebLogic Server, which is their strategic web and application server. At present a patch is not available but Oracle has published “mitigation recommendations”. Claremont recommends that all WebLogic users check as a matter of urgency whether their systems are affected, and prioritise Internet-facing servers.

Coincidentally, TalkTalk today announced the recent cyber-attack on their website, which resulted in the theft of confidential customer data, will cost the company between £30m and £35m. This cost includes TalkTalk’s response to the incident, the incremental calls into their call centres, additional IT and technology costs and lost revenue through reduced sales. However, TalkTalk’s CEO admits it is still “too early to tell” what the longer-term impact will be.

This is a timely reminder of the significant financial and reputational damage caused by security breaches and the importance of maintaining up-to-date and secure systems. Thus, it is important that all Oracle customers review their WebLogic servers.

Claremont’s services to all our Managed Services customers includes proactive advice and guidance for all relevant patches and updates, including security announcements like today’s regarding WebLogic. Through this Sentinel process, our customers receive timely communications advising whether their Oracle systems are affected and, where they are, what mitigation Claremont recommends and any potential side-effects of that mitigation.

Given concerns about IT security, one of our Oracle hosting customers recent engaged a third party to perform penetration testing on their key IT systems. Thanks to Claremont’s proactive maintenance and advice, those systems hosted and supported by the Claremont were the only ones not breached. Are yours as robust?!

Please contact us if you would like to discuss how Claremont could help with your Oracle systems’ security and maintenance.